Controlling Tinderbox from within a FreeBSD jail

How to control a Ports Tinderbox from within a FreeBSD jailThe problem:
By default, FreeBSD jails do not allow nullfs or NFS mounts from within the jail. As Tinderbox requires either an NFS or nullfs mount to operate, this makes Tinderbox operation from within a jail impossible.The solution:
The goal here was simple: implement a way where a jail can control both the Tinderbox web interface and the build queue without requiring chroot(8) access from the host.

The end result of the following configuration is this:

A jail that is fully capable of creating build queue entries and new
builds1

A jail that hosts the Tinderbox web interface

A jail host that performs the tasks called from within the jail, for example
performing the actual builds

1 – Note that because FreeBSD jails cannot use chflags(8), you will still
need to create the Tinderbox jails from within the host.

It is assumed you have already created a FreeBSD jail for Tinderbox use.

Host configuration – install the basic Tinderbox dependencies:

Using make config, enable only the database client you
need

Install Tinderbox from Ports

Create a nullfs mount from the host to the same logical
path within the jail

For example, if your host Tinderbox directory is /usr/local/tinderbox,
the path within the jail must be the same.